Auditing Standard No. 16
Communications with Audit Committees
Appendix C — Matters Included in the Audit Engagement Letter
C1. The auditor should include the following matters in the engagement letter.1/ The auditor's description of these matters will vary depending on whether the auditor is engaged in a financial statement audit or in an audit of internal control over financial reporting that is integrated with an audit of financial statements ("integrated audit").
- The objective of the audit is:
- Integrated audit: The expression of an opinion on both the effectiveness of internal control over financial reporting and the financial statements.
- Audit of financial statements: The expression of an opinion on the financial statements.
- Auditor's responsibilities:
- The auditor is responsible for conducting the audit in accordance with the standards of the Public Company Accounting Oversight Board. Those standards require that the auditor:
- Integrated audit: Plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud, and whether effective internal control over financial reporting was maintained in all material respects. Accordingly, there is some risk that a material misstatement of the financial statements or a material weakness in internal control over financial reporting would remain undetected. Although not absolute assurance, reasonable assurance is a high level of assurance. Also, an integrated audit is not designed to detect error or fraud that is immaterial to the financial statements or deficiencies in internal control over financial reporting that, individually or in combination, are less severe than a material weakness. If, for any reason, the auditor is unable to complete the audit or is unable to form or has not formed an opinion, he or she may decline to express an opinion or decline to issue a report as a result of the engagement.
- Audit of financial statements: Plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud. Accordingly, there is some risk that a material misstatement would remain undetected. Although not absolute assurance, reasonable assurance is a high level of assurance. Also, a financial statement audit is not designed to detect error or fraud that is immaterial to the financial statements. If, for any reason, the auditor is unable to complete the audit or is unable to form or has not formed an opinion, he or she may decline to express an opinion or decline to issue a report as a result of the engagement.
- An audit includes:
- Integrated audit: In fulfillment of the responsibilities noted above, the auditor communicates:
- To the audit committee and management: all material weaknesses in internal control over financial reporting identified during the audit, in writing.
- To the audit committee: all significant deficiencies identified during the audit, in writing, and informs the audit committee when the auditor has informed management of all internal control deficiencies.
- To management: all internal control deficiencies identified during the audit and not previously communicated in writing by the auditor or by others, including internal auditors or others within the company.
- To the board of directors: any conclusion that the audit committee's oversight of the company's external financial reporting and internal control over financial reporting is ineffective, in writing.
- Audit of financial statements: Obtaining an understanding of internal control sufficient to plan the audit and to determine the nature, timing, and extent of audit procedures to be performed.2/ An audit of financial statements is not designed to provide assurance on internal control or to identify internal control deficiencies. However, the auditor is responsible for communicating:
- To the audit committee and management: all significant deficiencies and material weaknesses identified during the audit, in writing.
- To the board of directors: if the auditor becomes aware that the oversight of the company's external financial reporting and internal control over financial reporting by the audit committee is ineffective, that conclusion, in writing.
- Integrated audit: In fulfillment of the responsibilities noted above, the auditor communicates:
- The auditor is responsible for conducting the audit in accordance with the standards of the Public Company Accounting Oversight Board. Those standards require that the auditor:
- Management's responsibilities:
- Management is responsible for the company's financial statements, including disclosures.
- Management is responsible for establishing and maintaining effective internal control over financial reporting.
- Management is responsible for identifying and ensuring that the company complies with the laws and regulations applicable to its activities.
- Management is responsible for making all financial records and relevant information available to the auditor.
- At the conclusion of the engagement, management will provide the auditor with a letter that confirms certain representations made during the audit.
- Management is responsible for adjusting the financial statements to correct material misstatements relating to accounts or disclosures and for affirming to the auditor in the representation letter that the effects of any uncorrected misstatements aggregated by the auditor are immaterial, both individually and in the aggregate, to the financial statements taken as a whole.
C2. In connection with a review of interim financial information, to confirm and document the understanding, the auditor should either: (a) document in the audit engagement letter the nature and objectives of the engagement to review interim financial information and the responsibilities of management and the auditor or (b) issue a separate engagement letter that addresses such matters.3/
1/ Certain matters should not be included in an engagement letter; for example, under Securities and Exchange Commission, Section 602.02.f.i. of the Codification of Financial Reporting Policies, indemnification provisions are not permissible for audits of issuers.
2/ AU sec. 325, Communications About Control Deficiencies in an Audit of Financial Statements, provides direction on control deficiencies identified in an audit of financial statements.
3/ Paragraphs .08-.09 of AU sec. 722, Interim Financial Information, discuss the auditor's responsibilities related to establishing an understanding with the audit committee in connection with a review of the company's interim financial information.